In an interview with Florian Lukavsky, Managing Director of the newly founded IoT Inspector GmbH, and Ulrich Fleck, Managing Director of SEC Consult, the two explain why the decision was made and what goals and expectations they associate with it.
Goodbye, IoT Inspector – Hello, IoT Inspector GmbHIoT news
What was the reason for developing IoT Inspector in the first place?
Ulrich Fleck: At SEC Consult, we started early on to look for those security vulnerabilities that were becoming more and more problematic due to the constantly growing number of IoT devices and their possible applications. That’s the reason we developed our own tool to make our work easier. Over time we expanded it into IoT Inspector - a tool that we have successfully used in several hundred projects. Now we made it available to other organizations to analyze their IoT devices.
Why did IoT Inspector become an independent company?
Ulrich Fleck:Current forecasts predict up to 75 billion IoT devices worldwide in 2025, which would be three times as many as are currently in use.* In this extremely dynamic market, the need for analysis tools such as the IoT Inspector is very high. We want to keep up with this predicted growth. By becoming a standalone company, IoT Inspector has better opportunities to intensify existing customer relationships and initiate new partnerships. In addition, it has become apparent that IoT Inspector is an attractive tool for other cybersecurity companies as well. Now IoT Inspector GmbH can offer the platform independently on the market and strengthen its position. As SEC Consult, we will of course continue to use IoT Inspector for analysis.
What team is behind IoT Inspector?
Florian Lukavsky: We are currently a small, motivated team of around ten employees who are constantly developing IoT Inspector and adding new features. I am happy to work with Rainer Richter in the management team. Together we are implementing our strategy for a successful future of IoT Inspector GmbH. Currently achieving greater flexibility in the support and acquisition of customers and partners has the highest priority.
What are the next big (internal and external) projects? What can we look forward to?
Florian Lukavsky: We have set ourselves an ambitious and exciting roadmap for the next few months. With the release of "IoT Inspector Monitoring" at the beginning of November 2020, companies can have their firmware continuously checked for new vulnerabilities and thus actively counter new threats. In addition, we are developing a variety of new analysis methods to provide even more granular notification of violations of international security standards. We also have our sights set on supporting additional and new IoT platforms such as Windows IoT. And then we have a few other hot irons in the oven, which we will announce at the appropriate time ;)
What challenges await IoT Inspector?
Florian Lukavsky: The technological race between hackers, manufacturers and IT security companies has intensified considerably as a result of the digital transformation: The power of the cloud and the ability to control IoTDevices with mobile devices has drastically increased the number of devices. As a result, the potential impact of an attack on a private IoT network via connection to the cloud is also much higher. Attackers can use a single vulnerability in the cloud to attack countless devices, "incorporate" these devices into a botnet, and thus gain visibility into millions of private networks. This development will certainly intensify, and we will continue to push our work in this direction.
What potential do you see for the IoT market?
Ulrich Fleck: The Internet of Things has entered everyday life to an extent that makes it almost impossible to get an overview of the status of IoT cybersecurity. That's why a tool like IoT Inspector is important to assess the security of devices as easily and quickly as possible. In addition, institutions and authorities such as the German BSI are now providing guidelines for IoT devices to reduce the threat scenario. Another example is California which has passed a law prohibiting the manufacture or sale of Internet-connected devices that are not equipped with a unique password. Major equipment manufacturers are busy putting their own certificates on IoT devices, and detecting them is one of IoT Inspector's strengths. When working on customer projects, the security of customer premise equipment (CPE) from (Internet) service providers has also become a very important area of application. In any case, the focus on the security of the IoT universe will increase.
Florian Lukavsky: I still see great potential in the Industrial Internet of Things. Many companies want to take advantage of the technology, but often still have concerns about the complexity as well as heterogeneity within the IT and OT infrastructure. Security must be a top priority: Plant espionage, sabotage or blackmail are risk scenarios that companies must take seriously. Here, we can intervene with our analysis and help to drive the security of IIoT technology.
Facts & Figures about the world of IoT Inspector
- IoT devices already outnumber the world's population several times over.
- Every day, more than 7.7 million new devices are connected to the Internet.
- 69 percent of all enterprises have more IoT devices than traditional endpoints on their networks.
- 67% of all known incidents in enterprises in H1/2019 involved IoT devices or unattended IT devices.
- In 2019, the number of cyberattacks on IoT devices increased by 100 percent.
- More than 90 percent of firmware analyzed by IoT Inspector has critical vulnerabilities.
- Standard user credentials are among the most common vulnerabilities.
* The numbers vary depending on which report you look. Other forecasts predicts that 38.6 billion devices will be connected by 2025, and 50 billion by 2030.